Fraud Management & Cybercrime , Incident & Breach Response , Managed Detection & Response (MDR)

Fighting Business Email Compromises

Asst. U.S. Attorney Camelia Lopez on Getting Federal Agencies Involved

Organizations that discover they're victims of business email compromise exploits should immediately contact law enforcement officials to report the attacks, says Camelia Lopez, a federal prosecutor for the Eastern District of Texas.

See Also: How to Hunt Threats Like Elite Defenders with Open NDR + MITRE ATT&CK®

Business email compromise exploits use well-thought-out socially engineered scams that con unsuspecting accounting staff members at businesses into scheduling fraudulent wire transfers. Lopez urges organizations to overcome their embarrassment and report the exploit.

"[T]he earlier you contact law enforcement the better ... the earlier we know about it, the earlier agents can ... identify where the vulnerabilities are, take a look at the systems and help you identify what happens. Sooner is better. More communication is better," Lopez says.

In a video interview at the recent Information Security Media Group 2015 Fraud Data Breach Prevention and Response Summit Dallas, Lopez explains that the FBI, Secret Service and other agencies can help organizations to analyze the compromise, paving the way for quicker indictment and prosecution of the perpetrators.

"The response time can be very quick especially if the entity already has an established relationship with an agent. ... They can have somebody at their offices responding within hours," Lopez says.

In this interview, Lopez also discusses:

  • The top trends in data breach investigations;
  • The importance of having a data breach response plan in place before an attack; and
  • The ways in which law enforcement agencies can partner with agencies overseas to apprehend wrongdoers.

A federal prosecutor based in Plano, Texas, Lopez prosecutes fraud-related cases, including mail and wire fraud, data breaches and money laundering. She also is the district coordinator for the Computer Hacking and Intellectual Property program. Before joining the U.S. Attorney's office in 2009, she worked as an assistant district attorney in Dallas County, where she focused on white collar crime, including identity theft and online fraud.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.